• Extract GitLab Pages using RubyZip · 66744469
    Kamil Trzciński authored
    RubyZip allows us to perform strong validation of
    expanded paths where we do extract files.
    
    We introduce the following additional checks
    to extract routines:
    
    1. None of the path components can be symlinked,
    2. We drop privileges support for directories,
    3. Symlink source needs to point within the target directory,
       like `public/`,
    4. The symlink source needs to exist ahead of time.
Name
invalid-symlink-does-not-exist.zip
invalid-symlinks-outside.zip
valid-non-writeable.zip
valid-simple.zip
valid-symlinks-first.zip